Results 1 - 10 of 27
On the Limits of Non-Approximability of Lattice Problems
1998
Cited by 80 (3 self)
We show simple constant-round interactive proof systems for problems capturing the approximability, to within a factor of √n, of optimization problems in integer lattices; specifically, the closest vector problem (CVP), and the shortest vector problem (SVP). These interactive proofs are for the "coNP direction"; that is, we give an interactive protocol showing that a vector is "far" from the lattice (for CVP), and an interactive protocol showing that the shortest-lattice-vector is "long" (for SVP). Furthermore, these interactive proof systems are Honest-Verifier Perfect Zero-Knowledge. We conclude that approximating CVP (resp., SVP) within a factor of √n is in NP ∩ coAM. Thus, it seems unlikely that approximating these problems to within a √n factor is NP-hard. Previously, for the CVP (resp., SVP) problem, Lagarias et al., Hastad and Banaszczyk showed that the gap problem corresponding to approximating CVP (resp., SVP) within n is in NP ∩ coNP. On the other hand, Ar...
Testing that distributions are close
In IEEE Symposium on Foundations of Computer Science, 2000
Cited by 76 (16 self)
Given two distributions over an n-element set, we wish to check whether these distributions are statistically close by only sampling. We give a sublinear algorithm which uses O(n^{2/3} ε^{−4} log n) independent samples from each distribution, runs in time linear in the sample size, makes no assumptions about the structure of the distributions, and distinguishes the cases when the distance between the distributions is small (less than max(ε^2/(32 ∛n), ε/(4 √n))) or large (more than ε) in L1-distance. We also give an Ω(n^{2/3} ε^{−2/3}) lower bound. Our algorithm has applications to the problem of checking whether a given Markov process is rapidly mixing. We develop sublinear algorithms for this problem as well.
Quantum Lower Bound for the Collision Problem
2002
Cited by 58 (13 self)
The collision problem is to decide whether a function X : . . . , n} is one-to-one or two-to-one, given that one of these is the case. We show a lower bound of on the number of queries needed by a quantum computer to solve this problem with bounded error probability. The best known upper bound is O , but obtaining any lower bound better than Ω(1) was an open problem since 1997. Our proof uses the polynomial method augmented by some new ideas. We also give a lower bound for the problem of deciding whether two sets are equal or disjoint on a constant fraction of elements. Finally we give implications of these results for quantum complexity theory.
Quantum search of spatial regions
THEORY OF COMPUTING, 2005
Cited by 57 (8 self)
Can Grover’s algorithm speed up search of a physical region—for example a 2D grid of size √n × √n? The problem is that √n time seems to be needed for each query, just to move amplitude across the grid. Here we show that this problem can be surmounted, refuting a claim to the contrary by Benioff. In particular, we show how to search a d-dimensional hypercube in time O(√n) for d ≥ 3, or O(√n log^{5/2} n) for d = 2. More generally, we introduce a model of quantum query complexity on graphs, motivated by fundamental physical limits on information storage, particularly the holographic principle from black hole thermodynamics. Our results in this model include almost-tight upper and lower bounds for many search tasks; a generalized algorithm that works for any graph with good expansion properties, not just hypercubes; and relationships among several notions of ‘locality’ for unitary matrices acting on graphs. As an application of our results, we give an O(√n)-qubit communication protocol for the disjointness problem, which improves an upper bound of Høyer and de Wolf and matches a lower bound of Razborov.
Adiabatic quantum state generation and statistical zero-knowledge
In Proc. 35th STOC, 2003
Cited by 42 (3 self)
The design of new quantum algorithms has proven to be an extremely difficult task. This paper considers a different approach to the problem. We systematically study ‘quantum state generation’, namely, which superpositions can be efficiently generated. We first show that all problems in Statistical Zero Knowledge (SZK), a class which contains many languages that are natural candidates for BQP, can be reduced to an instance of quantum state generation. This was known before for graph isomorphism, but we give a general recipe for all problems in SZK. We demonstrate the reduction from the problem to its quantum state generation version for three examples: Discrete log, quadratic residuosity and a gap version of closest vector in a lattice. We then develop tools for quantum state generation. For this task, we define the framework of ‘adiabatic quantum state generation’ which uses the language of ground states, spectral gaps and Hamiltonians instead of the standard unitary gate language. This language stems from the recently suggested adiabatic computation model [20] and seems to be especially tailored for the task of quantum state generation. After defining the paradigm, we provide two basic lemmas for adiabatic quantum state generation:
• The Sparse Hamiltonian lemma, which gives a general technique for implementing sparse Hamiltonians efficiently, and,
• The jagged adiabatic path lemma, which gives conditions for a sequence of Hamiltonians to allow efficient adiabatic state generation.
We use our tools to prove that any quantum state which can be generated efficiently in the standard model can also be generated efficiently adiabatically, and vice versa. Finally we show how to apply our techniques to generate superpositions corresponding to limiting distributions of a large class of Markov chains, including the uniform distribution over all perfect
Zero-Knowledge Against Quantum Attacks
STOC'06, 2006
Cited by 32 (0 self)
This paper proves that several interactive proof systems are zero-knowledge against general quantum attacks. This includes the well-known Goldreich-Micali-Wigderson classical zero-knowledge protocols for Graph Isomorphism and Graph 3-Coloring (assuming the existence of quantum computationally concealing commitment schemes in the second case). Also included is a quantum interactive protocol for a complete problem for the complexity class of problems having “honest verifier” quantum statistical zero-knowledge proofs, which therefore establishes that honest verifier and general quantum statistical zero-knowledge are equal: QSZK = QSZK_HV. Previously no nontrivial proof systems were known to be zero-knowledge against quantum attacks, except in restricted settings such as the honest-verifier and common reference string models. This paper therefore establishes for the first time that true zero-knowledge is indeed possible in the presence of quantum information and computation.
Limits on the Power of Quantum Statistical Zero-Knowledge
2003
Cited by 28 (4 self)
In this paper we propose a definition for honest verifier quantum statistical zero-knowledge interactive proof systems and study the resulting complexity class, which we denote QSZK
Immunizing Encryption Schemes from Decryption Errors
In Eurocrypt 2004, Springer-Verlag (LNCS 3027, 2004
Cited by 14 (1 self)
We provide methods for transforming an encryption scheme susceptible to decryption errors into one that is immune to these errors. Immunity to decryption errors is vital when constructing non-malleable and chosen ciphertext secure encryption schemes via current techniques; in addition, it may help defend against certain cryptanalytic techniques, such as the attack of Proos [36] on the NTRU scheme.
On the hardness of distinguishing mixed-state quantum computations
2004
Cited by 11 (6 self)
This paper considers the following problem. Two mixed-state quantum circuits Q0 and Q1 are given, and the goal is to determine which of two possibilities holds: (i) Q0 and Q1 act nearly identically on all possible quantum state inputs, or (ii) there exists some input state ρ that Q0 and Q1 transform into almost perfectly distinguishable outputs. This may be viewed as an abstraction of the problem that asks, given two discrete quantum mechanical processes described by sequences of local interactions, are the processes effectively the same or are they different? We prove that this promise problem is complete for the class QIP of problems having quantum interactive proof systems, and is therefore PSPACE-hard. This is in contrast to the fact that the analogous problem for classical (probabilistic) circuits is in AM, and for unitary quantum circuits is in QMA.
Uniform Hardness Versus Randomness Tradeoffs For Arthur-Merlin Games
2003
Cited by 8 (6 self)
Impagliazzo and Wigderson proved a uniform hardness vs.